Forcing a revalidate on mvc3 unobtrusive remote validation - asp.net-mvc-3

It's a classic login flow. The user can choose between 'new user' or 'existing user'. If the user is new, the name in the login box should validate against the server to see if the username is unique, if it's an existing user this check will be skipped since we expect the username to be taken already (ofcourse).
I added a [Remote] attribute on the viewmodel and added the radiobutton for new/exiting user as 'additional fields'. This way the remote validation will just return true if it's an existing user, and check the database if it's not, to see if the username is taken.
This works great, except when the user decides to change the radiobutton (new/existing) after entered a username (and the remote validation has run). Since remote validation is only automatically run when the username changes (that's the property with [Remote] attribute), changing the radiobutton alone, will not have it run again.
So my problem is, how can i force the remote validation to run again? I tried the usual hacks by triggering a change/focus/blur event on the username input field, but the call is not triggered. I considered adding a similar [Remote] on the radiobutton, but that would really complicate things with two equal looking error messages, placed at the same absolute position.
Is there any way to trigger a revalidation?

I believe that jquery validation can be triggered using $("#formID").validate()
Some more options can be found in the docs: http://docs.jquery.com/Plugins/validation, and at Brad Wilson's blog (you can also find some info in the comments)
Have you looked into the Data attributes that the input has, maybe it's cached? something like this.
EDIT: Just for clarification, this is how i got it to work
$('#UserName').removeData('previousValue');
$('form').validate().element('#UserName');

Related

Programmatically determine if Sagepay card details form is incomplete

I'm looking for some help with regards to the drop-in checkout integration.
https://developer-eu.elavon.com/docs/opayo/integrate-our-drop-checkout
In particular I'm following ‘custom flow’ example - see first code example for the Custom Flow section. https://developer-eu.elavon.com/docs/opayo/spec/api-reference#section/Custom-flow
In summary how can I programmatically determine if the sagepay 'card details' form which is injected into the sp-container (hosted in an iframe) is not valid for submission/tokenisation, when a call ‘tokenise’ link is used?
For example when the user has not completed all the required fields; Name, Card Number, Expiry or CVC.
I'm following the flow calling sagepayCheckout.tokenise() when the user clicks our 'Complete Payment' button (referred to as the tokenise link in the custom flow example).
NB: Implementation is part of a SPA app in my particular case I'm not submitting the (outer) form rather handling things using javascipt and calling the tokenise method.
Normally the onTokenise call back method is called on success or when wrong card details have been entered or merchantKey has expired. But when the injected sagepay form fails its own validity the onTokenise call back is never called.
NB: Due to browser security I can't check the state of the fields inside the iframe.
Ok some good points to note:
The sagepay form does feedback to the user about errors that required fields need to be completed.
And sagepayCheckout.tokenise() doesn't try to submit my (outer) form when these errors exist.
But there doesn't seem to be a programmatic way to know if the required fields need to be complete (or the onTokenise call back wont be called).
The main reason I need to know when the form is incompleted or tokenise has failed would be to re-enable our 'Complete Payment' button. Currently our button is disabled as soon as the user clicks it to prevent multiple clicks.
I am having this exact same problem. The only way I have been able to think of to get around this is to use the message event listener on the window. The sagepay.js library registers a 'message' event on the window object probably when the sagepayCheckout method is called.
Side note: this method is also poorly implemented as anything else that uses the window message event will cause the sagpay.js library to throw errors.
I think the only purpose of sagepay.js' message event hander is to resize the iframe window when its content changes. If you were to assume the content of the iframe will only change when validation fails you might be able use that to reset the state of your 'Complete Payment' button.
I would also suggest making a complaint to Opayo. This library is clunky and in desperate need of improvement.

Process "Automatic Row Processing (DML)" not obeying Form edit authorizations in attributes

I have a region of type Form and a process of type Automatic Row Processing (DML) for this form. I've configured the form edit authorization schemes (in Attributes) for each operation: Add, Update and Delete:
But the process doesn't obbey the authorization schemes. It always runs. Here is my proccess:
I've applied the same authorization schemes on the buttons CREATE, SAVE and DELETE, and they are disappearing accordly. But a malicious user can execute this command on browser console with success, even if the related authorization scheme returns false: apex.page.submit("DELETE");
Am I doing something wrong? Or this is a security fail?
Oracle Apex 19.1
Thanks in advance.
I just tried this on my own APEX 19.2 application and was able to reproduce the issue. It does seem odd to me that you are able to perform these actions without having the proper authorization. Thanks for the heads up!
I was able to work around the issue by adding an Authorization Scheme to my Form - Automatic Row Processing (DML).
Since you have a CREATE, SAVE, and DELETE button, you may have to set up 3 Form - Automatic Row Processing (DML) Processes, set up each one to only execute on the When Button Presssed condition (one for each button) and assign the appropriate Authorization Scheme to each Process.

Override default username validation of MembershipReboot

I'm using Thinktecture IdentityServer with MembershipReboot and i'm trying to find a way to override the default username validation of username.
my case is that I want to allow username to be email or not and not the same as the user email.
The username validation is configured in UserAccountService, I can add validation but I Don't know how to remove them.
I'd simply like to remove the validatior UsernameDoesNotContainAtSign and UsernameOnlyContainsLettersAndDigits, and do that without any modification of MembershipReboot, through configuration or ?
Edit:
Related GitHub issues:
https://github.com/brockallen/BrockAllen.MembershipReboot/issues/331
https://github.com/brockallen/BrockAllen.MembershipReboot/issues/339
https://github.com/brockallen/BrockAllen.MembershipReboot/issues/370
Some of these validation rules are hard coded. If you have a use case for changing them, I'd suggest opening an issue on the github issue tracker so we can discuss.

How to invoke command link/button action anyway regardless of validation error

My command link/button is not being invoked because of a validation error. However, even if I have that error I want my action to be invoked anyway, because I have to set some value in session.
How can I achieve this?
Looks like you want to add immediate="true" to your h:commandLink. This will skip validation when clicking the link.
See this link or the walkthrough from BalusC for more information.
Note that your model will not be updated when the action is called, so you wont have access to any of the values the user entered.

In CakePHP 1.3 is there any advantage of using $this->Controller->Session over $this->Session in a component?

I'm using a modified version of Felix Geisendörfer's SimpleAuth/SimpleAcl components that I've combined into a single Component, Simple_Authable.
I changed his startup() function to initialize() to not clutter the beforeFilter function in my app_controller.
One of the things that this component does is check who the active user is and if that user can't be found it either looks him up based on the primary User.id or uses 'guest'. Either way, the component uses $this->Controller->Session->write() to save the active user or guest information.
I'm also using Felix's Authsome plugin instead of the default CakePHP Auth component.
When I'm logging in, the active user is guest, obviously.
After I've submitted the form, the active user is still guest because the component's initialize() function is firing before everything else. Then, the Authsome plugin comes into play and validates my user as "root" and also calls $this->SimpleAuthable->setActiveUser($id, true); to force SimpleAuthable to update the active user information it is storing via $this->Controller->Session; Then I am redirected and my simple Session information and DebugKit's Session tab reflect that I am indeed the root user.
However, when I try to navigate to an 'admin' page, let's say /admin/users/index, lo and behold SimpleAuthable thinks I'm still a 'guest' user because when it performs a $this->Controller->Session->read() call to the key holding my user id, it is getting an empty response, i.e., the data stored on the previous page didn't persist.
Maybe there is something funky happening between Authsome & SimpleAuthable, but things look pretty straightforward and to my mind, $this->Controller->Session should be saving and persisting the data written to it.
So, I'm looking at refactoring all the calls to $this->Controller->Session and replacing them with $this->Session but first I wanted to throw this out to the community and see if anybody has seen anything similar and if so how did they resolve it.
Sincerely,
Christopher.
I found the problem... I'm also using Joshua McNeese's Permissionable plugin and I needed to disable it for the $this->Controller->{$this->userModel}->findById($id); in my SimpleAuthable component when I try to lookup the current active user.
Note to self: I would have caught this faster if I had some unit testing in place :(.

Resources